CN115914164A - Tunnel connection method and device, electronic equipment and storage medium - Google Patents


Publication number
CN115914164A
Authority
CN
China
Prior art keywords
port
server
equipment
client
guess
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111142072.6A
Other languages
Chinese (zh)
Inventor
黄诚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Uniview Technologies Co Ltd
Original Assignee
Zhejiang Uniview Technologies Co Ltd
Application filed by Zhejiang Uniview Technologies Co Ltd filed Critical Zhejiang Uniview Technologies Co Ltd
Priority to CN202111142072.6A
Publication of CN115914164A

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/70: Reducing energy consumption in communication networks in wireless communication networks

Abstract

The disclosure provides a tunnel connection method, a tunnel connection device, an electronic device and a storage medium, wherein the method comprises the following steps: responding to connection requests respectively initiated by client equipment and server equipment, and judging whether NAT type combinations of the client equipment and the server equipment are target type combinations or not by the server equipment; if so, sequentially sending the port guess number and the port guess strategy corresponding to the client equipment and the server equipment according to the respective NAT types of the client equipment and the server equipment; the client device and the server device guess the port of the other side according to the port guessing number and the port guessing strategy received by the client device and the server device respectively, and establish tunnel connection under the condition of correct guess. According to the scheme, the tunnel connection is established between the client device and the server device in a bidirectional guessing mode, and the success rate of the tunnel connection is improved.

Description

Tunnel connection method and device, electronic equipment and storage medium
Technical Field
The present disclosure relates to the field of internet of things technologies, and in particular, to a tunnel connection method and apparatus, an electronic device, and a storage medium.
Background
In the scheme of the internet of things, tunnel connection is an important technology, so that point-to-point network connection between an application program and electronic equipment can be well solved, and the service cost of the whole system is reduced.
In tunnel connection, NAT (Network Address Translation) traversal is involved, and by mapping different private Network addresses to different port numbers of the same public Network Address, a function that multiple hosts in an intranet can use the same IP (Internet Protocol) Address to perform Internet connection is realized. This solves the problem of insufficient IP addresses, but brings many technical problems.
NAT types include the following 4 types: full cone, IP restricted cone, port restricted cone, and symmetric. For the network combination of a port restricted cone NAT and a symmetric NAT, and for the network combination of a symmetric NAT and a symmetric NAT, the characteristics of these network types make the success rate of tunnel connection low; data communication cannot be carried out between the corresponding network nodes, and normal data transmission in the network is affected.
Disclosure of Invention
The disclosure provides a tunnel connection method, a tunnel connection device, an electronic device and a storage medium, so as to achieve the purpose of improving the success rate of tunnel connection.
According to one aspect of the disclosure, a tunnel connection method is provided, which is applied to an intelligent device networking system, the intelligent device networking system at least comprises a server device deployed in a public network, and a client device and a server device deployed in different private networks, and the method comprises:
responding to connection requests respectively initiated by the client device and the server device, and judging whether NAT type combinations of the client device and the server device are target type combinations or not by the server device;
if so, sequentially sending the port guess number and the port guess strategy corresponding to the client equipment and the server equipment according to the respective NAT types of the client equipment and the server equipment;
the client device and the server device guess the ports of the other side each other according to the port guessing number and the port guessing strategy received by the client device and the server device, and establish tunnel connection under the condition that the port guesses correctly.
According to another aspect of the present disclosure, there is provided a tunnel connection apparatus configured in an intelligent device networking system, where the intelligent device networking system at least includes a server device deployed in a public network, and a client device and a server device deployed in different private networks, and the apparatus includes:
the judging module is used for responding to connection requests respectively initiated by the client equipment and the server equipment and judging whether the NAT type combination of the client equipment and the server equipment is a target type combination or not through the server equipment;
the issuing module is used for sequentially sending the guessed port number and the guessed port strategy corresponding to the client equipment and the server equipment according to the respective NAT types of the client equipment and the server equipment if the judging result is positive;
and the connection module guesses the ports of the opposite sides mutually through the client device and the server device according to the guessed port number and the guessed port strategy, and establishes tunnel connection under the condition of correct guess.
According to another aspect of the present disclosure, there is provided an electronic device including:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the tunneling method of any of the embodiments of the present disclosure.
According to another aspect of the present disclosure, there is provided a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the tunneling method of any embodiment of the present disclosure.
According to the technology disclosed by the invention, the tunnel connection is established between the client device and the server device in a bidirectional guessing manner, so that the success rate of the tunnel connection is improved.
It should be understood that the statements in this section are not intended to identify key or critical features of the embodiments of the present disclosure, nor are they intended to limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The drawings are included to provide a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
fig. 1 is a schematic flowchart of a tunnel connection method according to an embodiment of the present disclosure;
fig. 2 is a schematic flowchart of another tunnel connection method provided in an embodiment of the present disclosure;
fig. 3 is a schematic flowchart of another tunnel connection method provided in an embodiment of the present disclosure;
fig. 4 is a flowchart illustrating another tunnel connection method provided by an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of a tunnel connection device according to an embodiment of the present disclosure;
fig. 6 is a block diagram of an electronic device for implementing a tunneling method of an embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below with reference to the accompanying drawings, in which various details of embodiments of the present disclosure are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
In the embodiment of the present disclosure, 4 types of NATs are explained:
a Full Cone NAT (Full Cone NAT), a connection request for the same private network address X (including IP address and port number) will be mapped to the same public network address Y (including IP address and port number), regardless of the destination address of the request. The NAT will forward all requests sent by the external address Z (including the IP address and port number) to Y to X.
Restricted cone NATs (Restricted NATs), connection requests for the same private network address X (including IP address and port number) will all be mapped to the same public network address Y (including IP address and port number), regardless of the destination address of the request. But only if the private network address X sends a request to the address Z (only including an IP address and no port number) through the public network address Y, the NAT will forward the request sent by Z to Y to X, otherwise the request sent by Z to X will be blocked by the NAT as if it is unauthenticated.
Port Restricted cone NAT (Port Restricted NAT), all connection requests from the same private network address X (including IP address and Port number) will be mapped to the same public network address Y (including IP address and Port number), regardless of the destination address of the request. But only if the private network address X sends a request to the address Z (including an IP address and a port number) through the public network address Y, the NAT will forward the request sent by Z to Y to X, otherwise the request sent by Z to X will be blocked by the NAT as if it were unauthenticated.
Symmetric NATs (Symmetric NATs), connection requests from the same private network address X are mapped to different public network addresses (different port numbers) depending on the destination address (including IP address and port number). Only if the private network address X sends a request to the address Z (including an IP address and a port number) through the public network address Y, the NAT will forward the request sent by Z to Y to X, otherwise the request sent by Z to X will be blocked by the NAT as if it is unauthenticated.
In the embodiment of the disclosure, the intelligent device networking system at least comprises a server device deployed in a public network, and a client device and a server device deployed in different private networks, wherein different types of NATs are deployed in the different private networks, and the client device and the server device in the private networks can connect to and communicate with the public network through the NATs of their respective private networks. It should be noted that the client device and the server device differ between scenarios; for example, in a video monitoring scenario, the client device may be a user terminal device on which a monitoring client is installed, and the server device may be a network camera. When a client device accesses a server device in another private network, a tunnel connection needs to be established to implement peer-to-peer communication. However, if the NAT type combination of the client device and the server device is a network combination of a port restricted cone NAT and a symmetric NAT, or a network combination of a symmetric NAT and a symmetric NAT, the characteristics of these network types make the success rate of the tunnel connection low. On this basis, a tunnel connection method is provided to improve the success rate of tunnel connection between the client device and the server device. See the embodiments below for the specific method.
Fig. 1 is a flowchart illustrating a tunnel connection method according to an embodiment of the present disclosure, where the embodiment is applicable to a case where tunnel connections are established between devices with NATs of different types by using a bidirectional port guessing manner. The method can be executed by a tunnel connection device which is realized in a software and/or hardware mode and is integrated on the electronic equipment.
Specifically, referring to fig. 1, the flow of the tunnel connection method is as follows:
S101, responding to connection requests respectively initiated by the client device and the server device, and judging whether NAT type combinations of the client device and the server device are target type combinations or not by the server device.
In the embodiment of the disclosure, the client device and the server device may initiate connection to the server device in the public network through the respective corresponding NATs, and the server device detects the respective NAT types and public network IP ports of the client device and the server device. It should be noted that the server device may adopt any detection method, and is not limited herein.
After obtaining respective corresponding NAT types of the client device and the server device, judging whether the NAT type combination of the client device and the server device is a target type combination, wherein the target type combination is a combination of a symmetric NAT and a port restricted conical NAT, for example, the NAT type of the client device is the symmetric NAT, and the NAT type of the server device is the port restricted conical NAT; or the NAT type of the client device is a port restriction cone type NAT, and the NAT type of the server device is a symmetric type NAT; in addition, the target type combination may also be a combination of a symmetric NAT and a symmetric NAT, that is, both the NAT type of the client device and the NAT type of the server device are symmetric NATs.
In the embodiment of the present disclosure, if it is determined that the NAT type combination of the client device and the server device is the target type combination, it indicates that the success rate of establishing the tunnel connection between the client device and the server device is low, and the tunnel connection between the client device and the server device may be established according to the steps of S102 to S103, so as to improve the success rate of the connection.
S102, according to respective NAT types of the client device and the server device, sequentially sending respective corresponding port guess number and port guess strategies to the client device and the server device.
S103, the client device and the server device guess the ports of the other side each other according to the guessed port number and the guessed port strategy, and establish tunnel connection under the condition that the guesses are correct.
In the embodiment of the disclosure, the port guess number limits the number of guess messages sent by the client device or the server device; the port guess strategy comprises the rules for setting the source port and the destination port when the client device or the server device sends guess messages. The port guess number and the port guess strategy differ between NAT types, and therefore the port guess number and port guess strategy corresponding to each NAT type need to be sent in sequence to the client device and the server device according to their respective NAT types. It should be noted that the server device in the public network further sends the NAT type and public network IP port information of the client device to the server device in the private network, and sends the NAT type and public network IP port information of that server device to the client device.
In an optional implementation, if the NAT type of the client device is symmetric NAT and the NAT type of the server device is port restricted cone NAT, the client device and the server device may guess each other's ports as follows: (1) According to its own public network IP port information and that of the server device, the client device sends first-type guess messages with a random source port and a fixed destination port to the server device; that is, the source port of a first-type guess message may be any public network IP port of the client device, and the destination port is the public network IP port of the server device. (2) After the multiple ports of the client device have been opened, the server device sends second-type guess messages with a fixed source port and a random destination port to the client device, according to the public network IP port information of the server device and that of the client device, so that the second-type guess messages collide with the first-type guess messages; the source port of a second-type guess message may be the public network IP port of the server device, and the destination port is any public network IP port of the client device. The number of first-type guess messages equals the port guess number received by the client device, and the number of second-type guess messages equals the port guess number received by the server device. A collision succeeds when the client device and the server device connect through some port and each receives the other's message; the guess is then determined to be correct, and the tunnel connection between the client device and the server device is established. After the tunnel connection is established, the ports that were not successfully connected may be released.
In another optional embodiment, if the NAT type of the client device is port restricted cone NAT and the NAT type of the server device is symmetric NAT, the client device and the server device may guess each other's ports as follows: (1) According to its own public network IP port information and that of the server device, the client device sends third-type guess messages with a fixed source port and a random destination port to the server device; that is, the source port of a third-type guess message may be the public network IP port of the client device, and the destination port is any public network IP port of the server device, wherein the number of third-type guess messages equals the port guess number received by the client device. (2) According to its own public network IP port information and that of the client device, the server device sends fourth-type guess messages with a random source port and a fixed destination port to the client device; that is, the source port of a fourth-type guess message may be any public network IP port of the server device, and the destination port is the public network IP port of the client device, wherein the number of fourth-type guess messages equals the port guess number received by the server device. The third-type and fourth-type guess messages collide with each other, and if the collision succeeds, the tunnel connection between the client device and the server device is established.
In the embodiment of the disclosure, the client device and the server device guess the port of the other side each other according to the port guessing number and the port guessing policy received by the client device and the server device, and establish tunnel connection under the condition of correct guess, so that tunnel connection is established between the client device and the server device by adopting different port guess policies according to different NAT types at two ends in a bidirectional guessing manner, and compared with a one-way guess manner, the success rate of tunnel connection is improved.
Fig. 2 is a schematic flowchart of another tunnel connection method according to an embodiment of the present disclosure, where the embodiment is optimized based on the foregoing embodiment, and referring to fig. 2, a specific flow of the tunnel connection method is as follows:
S201, responding to connection requests respectively initiated by the client device and the server device, and judging whether the NAT type combination of the client device and the NAT type combination of the server device are target type combinations or not by the server device.
If the server device determines that the NAT type combination of the client device and the server device is the target type combination, the steps S202-S205 are executed to establish the tunnel connection.
Further, steps S202-S203 make it possible to quickly determine the port guess numbers corresponding to the client device and the server device.
S202, acquiring a pre-established connection scheme comparison table.
In the embodiment of the present disclosure, the connection scheme comparison table records the port guess numbers corresponding to different NAT types under different tunnel connection success rates. An exemplary connection scheme comparison table is as follows:
TABLE 1
Figure BDA0003284328690000081
It should be noted that, when constructing the connection scheme comparison table, the server device calculates the combinations of m and n with the success rate T as the target. Suppose that Host A is behind a symmetric NAT and Host B is behind a port restricted cone NAT. The request is initiated by Host B, which provides an open port, Port B; Host A sends m messages so that the symmetric NAT opens multiple ports, and Host B sends n messages to guess the open ports of Host A. When a collision succeeds, the connection succeeds, and the probability T of a successful connection is as follows:
Figure BDA0003284328690000091
Figure BDA0003284328690000092
Therefore, different guess combinations of the port restricted cone NAT and the symmetric NAT form connection success rates of different gradients and the corresponding combination schemes.
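The formula for T survives on this page only as an image reference. The following is an added example, not the patent's formula or code: it computes the success probability under an assumed model in which every port in 1024-65535 is equally likely, builds a small gradient table of the kind described above, and checks the closed form against a seeded simulation of the collision. The names `opened` and `guessed`, the port range and all function names are assumptions.

```python
import random

# Assumption (not from the page): mappings and probes are drawn uniformly
# from the 64512 ports in 1024-65535.
PORT_SPACE = 65535 - 1024 + 1


def success_probability(opened, guessed, port_space=PORT_SPACE):
    """P(at least one of `guessed` distinct probes hits one of `opened` mappings)."""
    if min(opened, guessed) < 0 or max(opened, guessed) > port_space:
        raise ValueError("counts must lie in 0..port_space")
    if opened + guessed > port_space:
        return 1.0  # pigeonhole: a hit cannot be avoided
    miss = 1.0
    for i in range(guessed):
        # Probability that probe i also misses, given all earlier probes missed.
        miss *= (port_space - opened - i) / (port_space - i)
    return 1.0 - miss


def min_guesses(target, opened, port_space=PORT_SPACE):
    """Smallest probe count that reaches `target`, or None if unreachable."""
    if not 0.0 < target < 1.0:
        raise ValueError("target must be strictly between 0 and 1")
    if opened <= 0:
        return None  # nothing is open, so no probe can ever hit
    miss = 1.0
    for i in range(port_space - opened):
        miss *= (port_space - opened - i) / (port_space - i)
        if 1.0 - miss >= target:
            return i + 1
    return None


def gradient_table(targets, opened_options):
    """Rows (target, opened, guessed): one combination per success-rate step."""
    rows = []
    for target in targets:
        for opened in opened_options:
            guessed = min_guesses(target, opened)
            if guessed is not None:
                rows.append((target, opened, guessed))
    return rows


def simulate(opened, guessed, trials=2000, seed=1, port_space=PORT_SPACE):
    """Empirical success rate of the two-sided guess under the same model."""
    rng = random.Random(seed)  # seeded so the run is repeatable
    hits = 0
    for _ in range(trials):
        # One side's messages open `opened` distinct public mappings.
        mappings = set(rng.sample(range(port_space), opened))
        # The other side probes `guessed` distinct destination ports.
        probes = rng.sample(range(port_space), guessed)
        if any(port in mappings for port in probes):
            hits += 1  # a probe landed on an open mapping: collision
    return hits / trials


if __name__ == "__main__":
    for row in gradient_table([0.80, 0.90, 0.95], [100, 150, 200]):
        print(row)
    print(success_probability(1000, 150), simulate(1000, 150))
```

The model is symmetric in the two counts, so it does not matter which side is labelled m and which n. Under this assumed model the pair 1000 and 150 used in the page's later illustration gives a success probability of about 0.90.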
S203, according to the set current tunnel connection success rate, determining port guess numbers corresponding to the NAT type of the client device and the NAT type of the server device from the connection scheme comparison table, and issuing the port guess numbers to the client device and the server device in sequence.
In the embodiment of the present disclosure, a target connection success rate closest to the current tunnel connection success rate may be selected from the connection scheme comparison table according to the set current tunnel connection success rate, and the guess number m of port restricted cone NAT ports and the probe number n of symmetric NAT ports corresponding to that target connection success rate are issued to the corresponding client device or server device; for example, if the NAT type of the client device is the port restricted type, the value m is issued to the client device.
S204, sequentially sending respective corresponding port guessing strategies to the client device and the server device according to respective NAT types of the client device and the server device.
S205, the client device and the server device guess the port of the other side according to the port guess number and the port guess strategy received by the client device and the server device, and establish tunnel connection under the condition of correct guess.
The steps of S204-S205 can be referred to the above embodiments, and are not described herein again.
In the embodiment of the disclosure, the server device calculates the combinations of port guess number m and port guess number n with the success rate as the target, forming connection success rates of different gradients and the corresponding connection schemes, so that the port guess numbers m and n can be quickly determined from the currently set connection success rate, which provides a guarantee for subsequently establishing the tunnel connection.
Fig. 3 is a schematic flowchart of another tunnel connection method according to an embodiment of the present disclosure, where the embodiment is optimized based on the foregoing embodiment, and referring to fig. 3, a specific flow of the tunnel connection method is as follows:
S301, responding to connection requests respectively initiated by the client device and the server device, the server device judges whether NAT type combination of the client device and the server device is target type combination.
If the server device determines that the NAT type combination of the client device and the server device is the target type combination, the steps S302-S305 are executed to establish the tunnel connection.
S302, a pre-established connection scheme comparison table is obtained.
In the embodiment of the present disclosure, the connection scheme comparison table records the port guess numbers corresponding to different NAT types under different tunnel connection success rates.
S303, acquiring a preset floating value of the tunnel connection success rate.
S304, according to the floating value and the current tunnel connection success rate, determining the candidate tunnel connection success rate from the connection scheme comparison table.
In the embodiment of the present disclosure, in order to determine the optimal port guess number corresponding to different NAT types, a floating value may be preset, where the floating value may be an upward floating value, or a bidirectional floating value, for example, the floating value may be ± 0.5%.
Furthermore, the success rate range can be determined according to the floating value and the current tunnel connection success rate, and then at least one candidate tunnel connection success rate is determined from the connection scheme comparison table according to that range. Illustratively, the current tunnel connection success rate is 90%, the floating value is optionally ± 0.5%, and the determined success rate range is 89.5% -90.5%; see Table 1, where the candidate tunnel connection success rates are the success rates corresponding to the scheme serial numbers 206-266.
S305, according to port resources and performance parameters of the client device and the server device, determining port guess numbers corresponding to the NAT type of the client device and the NAT type of the server device from the port guess numbers corresponding to different NAT types under the candidate tunnel connection success rates, and sending the port guess numbers to the client device and the server device in sequence.
In the embodiment of the disclosure, the optimal port guess number combination for the different NAT types is selected from the combination schemes corresponding to the candidate tunnel connection success rates, which improves the adaptability of the system. In an alternative embodiment, schemes whose port usage cannot be satisfied by the remaining port resources at either end are eliminated, and among the remaining schemes a selection is made with emphasis on different system performance parameters. For example, since the symmetric NAT consumes n port resources at each layer and consumes a large amount of port resources for the entire system, a combination scheme is selected in which the port resource consumption at the symmetric NAT end is not higher than half of the average value of alternatives.
Illustratively, the combination scheme serial numbers corresponding to the candidate tunnel connection success rates determined by S304 are 260 to 266. If the remaining port resource of the port restricted cone NAT is 2000 and the remaining port resource of the symmetric NAT is 200, the schemes with serial numbers 264, 265, and 266 are removed. The remaining alternatives are the combination schemes numbered 260, 261, 262 and 263. In the remaining schemes, the symmetric NAT port probe numbers are 170, 190, 100, 150, respectively, with an average value of 152.5. The schemes above this average, i.e., the schemes numbered 260 and 261, are screened out. Of the remaining two schemes with serial numbers 262 and 263, the scheme with serial number 263 has the least total port consumption and is taken as the final scheme. That is, the guess number of port restricted cone NAT ports is m = 1000, and the probe number of symmetric NAT ports is n = 150. If the NAT type of the client device is the port restricted type and the NAT type of the server device is the symmetric type, the m value is issued to the client device and the n value is issued to the server device.
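The selection in S304-S305, as illustrated above, written out as an added example (not code from the patent). The table rows are constructed: only the serial numbers 260-266, the n values of schemes 260-263 and m = 1000 for scheme 263 come from the page; the class, function names, NAT type labels and every other number are assumptions.

```python
from dataclasses import dataclass
from statistics import mean
from typing import List, Optional


@dataclass(frozen=True)
class Scheme:
    serial: int
    success_rate: float  # percent
    m: int  # guess count on the port restricted cone NAT side
    n: int  # probe count on the symmetric NAT side


# Constructed comparison table. From the page: serials 260-266, n = 170, 190,
# 100, 150 for schemes 260-263, and m = 1000 for scheme 263. The success
# rates and all remaining m/n values are made up for this example.
TABLE: List[Scheme] = [
    Scheme(259, 89.2, 950, 140),   # below the 89.5-90.5 range
    Scheme(260, 89.6, 880, 170),
    Scheme(261, 89.9, 790, 190),
    Scheme(262, 90.1, 1500, 100),
    Scheme(263, 90.4, 1000, 150),
    Scheme(264, 90.2, 2500, 60),   # needs more cone-side ports than are free
    Scheme(265, 90.3, 600, 250),   # needs more symmetric-side ports than are free
    Scheme(266, 90.4, 500, 300),   # needs more symmetric-side ports than are free
    Scheme(267, 91.0, 1100, 150),  # above the range
]


def select_scheme(table, current_rate, float_value, cone_free, sym_free) -> Optional[Scheme]:
    """Pick one scheme, or None when no candidate fits the free ports."""
    # S304: candidates are the schemes inside current_rate +/- float_value.
    low, high = current_rate - float_value, current_rate + float_value
    candidates = [s for s in table if low <= s.success_rate <= high]
    # S305, step 1: drop schemes that exceed either end's remaining ports.
    feasible = [s for s in candidates if s.m <= cone_free and s.n <= sym_free]
    if not feasible:
        return None
    # Step 2: drop schemes whose symmetric-side probe count is above average.
    average_n = mean(s.n for s in feasible)
    frugal = [s for s in feasible if s.n <= average_n]
    # Step 3: of what is left, take the smallest total port consumption
    # (ties broken by serial number, an assumption of this example).
    return min(frugal, key=lambda s: (s.m + s.n, s.serial))


def issue_counts(scheme, client_nat, server_nat):
    """Map m to the port restricted end and n to the symmetric end."""
    if {client_nat, server_nat} != {"port_restricted", "symmetric"}:
        # The page's illustration covers only this mixed pairing.
        raise ValueError("expected one port_restricted and one symmetric end")
    counts = {"port_restricted": scheme.m, "symmetric": scheme.n}
    return {"client": counts[client_nat], "server": counts[server_nat]}


if __name__ == "__main__":
    chosen = select_scheme(TABLE, 90.0, 0.5, cone_free=2000, sym_free=200)
    print(chosen)
    print(issue_counts(chosen, "port_restricted", "symmetric"))
```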
It should be noted that, in order to select the optimal port guess number combination corresponding to different types of NATs from the combination schemes corresponding to the connection success rates of the candidate tunnels, forms such as weight calculation may also be performed in combination with port resources at the two ends and system performance, or a scheme closest to the average value in the range may be selected, which is not specifically limited herein.
S306, sequentially sending corresponding port guessing strategies to the client device and the server device according to the respective NAT types of the client device and the server device.
S307, the client device and the server device guess the ports of the other side mutually according to the guessed port number and the guessed port strategy, and establish tunnel connection under the condition that the guesses are correct.
The steps of S306-S307 can be referred to the above embodiments, and are not described herein again.
In the embodiment of the disclosure, the success rate range is determined according to the floating value, and the optimal port guess numbers for the different NAT types are selected within that range by combining the port resources and the performance of the devices, so that adaptive selection of the port guess number combination is realized.
Fig. 4 is a schematic flowchart of another tunnel connection method according to an embodiment of the present disclosure. This embodiment is optimized on the basis of the foregoing embodiments. Referring to Fig. 4, the specific flow of the tunnel connection method is as follows:
S401, in response to connection requests respectively initiated by the client device and the server device, the server device judges whether the NAT type combination of the client device and the server device is the target type combination.
If the server device determines that the NAT type combination of the client device and the server device is the target type combination, the steps S402-S406 are executed.
S402, acquiring a pre-established connection scheme comparison table.
The connection scheme comparison table records the port guess numbers corresponding to different NAT types under different tunnel connection success rates.
S403, determining port guess numbers corresponding to the NAT type of the client device and the NAT type of the server device from the connection scheme comparison table according to the set current tunnel connection success rate, and issuing the port guess numbers to the client device and the server device in sequence.
S404, the client device and the server device guess the port of the other side according to the port guess number and the port guess strategy received by the client device and the server device, and establish tunnel connection under the condition of correct guess.
The steps of S402-S404 may refer to the description of the above embodiments, and are not described herein again.
S405, counting the real connection success rate of the tunnel connection established between the client device and the server device.
S406, judging whether the real connection success rate is greater than the current tunnel connection success rate, and if so, replacing the current tunnel connection success rate with the real connection success rate.
After S404 is executed, whether the current connection attempt finally succeeded is recorded, and the real connection success rate of the tunnel connections established between the client device and the server device is then computed, so that the current tunnel connection success rate is adjusted according to the real connection success rate and port guess numbers for the different NAT types are subsequently selected according to the new connection success rate.
In this embodiment of the disclosure, the connection success rate serves as the guiding target, and the optimal port guess number combination can be selected from the preset combination schemes of port guess numbers for the two ends of the network, so that the connection success rate can be kept at a high level.
Fig. 5 is a schematic structural diagram of a tunnel connection apparatus according to an embodiment of the present disclosure, applicable to the case where a tunnel connection is established between devices whose NATs are of different types by means of bidirectional port guessing. The apparatus is configured in an intelligent device networking system, which at least comprises a server device deployed in a public network, and a client device and a server device deployed in different private networks. As shown in Fig. 5, the apparatus specifically includes:
a judging module 501, configured to respond to connection requests respectively initiated by the client device and the server device, and judge, through the server device, whether the NAT type combination of the client device and the server device is the target type combination;
an issuing module 502, configured to, if the judgment result is yes, sequentially send the corresponding port guess number and port guessing strategy to the client device and the server device according to their respective NAT types;
a connection module 503, configured to have the client device and the server device guess each other's ports according to the port guess number and the port guessing strategy each has received, and to establish the tunnel connection if the guess is correct.
On the basis of the above embodiment, optionally, the issuing module includes:
an acquisition unit, configured to acquire a pre-established connection scheme comparison table; the connection scheme comparison table records the port guess numbers corresponding to different NAT types under different tunnel connection success rates;
a selecting and issuing unit, configured to determine port guess numbers respectively corresponding to the NAT type of the client device and the NAT type of the server device from the connection scheme comparison table according to the set current tunnel connection success rate, and to issue the port guess numbers to the client device and the server device in sequence.
On the basis of the above embodiment, optionally, the selecting and issuing unit includes:
an acquiring subunit, configured to acquire a preset floating value of the tunnel connection success rate;
a first selecting subunit, configured to determine the candidate tunnel connection success rates from the connection scheme comparison table according to the floating value and the current tunnel connection success rate;
a second selecting subunit, configured to determine, according to the port resources and performance parameters of the client device and the server device, the port guess numbers respectively corresponding to the NAT type of the client device and the NAT type of the server device from the port guess numbers corresponding to different NAT types under the candidate tunnel connection success rates.
On the basis of the above embodiment, optionally, the method further includes:
a statistical module, configured to count the real connection success rate of the tunnel connections established between the client device and the server device;
a replacing module, configured to judge whether the real connection success rate is greater than the current tunnel connection success rate, and if so, to replace the current tunnel connection success rate with the real connection success rate.
On the basis of the above embodiment, optionally, the target type combination is a combination of a symmetric NAT and a port-restricted cone NAT; the port guessing strategy comprises the strategy for setting the source port and the destination port when the client device or the server device sends guess messages.
On the basis of the above embodiment, optionally, the NAT type of the client device is a symmetric NAT, and the NAT type of the server device is a port-restricted cone NAT;
correspondingly, the connection module comprises:
a first sending unit, configured to send, through the client device, first-type guess messages with a random source port and a fixed destination port to the server device according to the client device's own public network IP port information and the public network IP port information of the server device, wherein the number of first-type guess messages is equal to the port guess number received by the client device;
a second sending unit, configured to send, through the server device, second-type guess messages with a fixed source port and a random destination port to the client device according to the server device's own public network IP port information and the public network IP port information of the client device, wherein the number of second-type guess messages is equal to the port guess number received by the server device.
On the basis of the above embodiment, optionally, the NAT type of the client device is a port-restricted cone NAT, and the NAT type of the server device is a symmetric NAT;
correspondingly, the connection module comprises:
a third sending unit, configured to send, through the client device, third-type guess messages with a fixed source port and a random destination port to the server device according to the client device's own public network IP port information and the public network IP port information of the server device, wherein the number of third-type guess messages is equal to the port guess number received by the client device;
a fourth sending unit, configured to send, through the server device, fourth-type guess messages with a random source port and a fixed destination port to the client device according to the server device's own public network IP port information and the public network IP port information of the client device, wherein the number of fourth-type guess messages is equal to the port guess number received by the server device.
The device provided by the embodiment of the disclosure can execute the tunnel connection method provided by any embodiment of the disclosure, and has corresponding functional modules and beneficial effects for executing the tunnel connection method. Reference may be made to the description of any method embodiment of the disclosure for a matter not explicitly described in this embodiment.
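A minimal model of the two NAT behaviours behind the sending units above, added here as an illustration and not taken from the patent: the symmetric side varies its source port toward one fixed destination, the port-restricted cone side keeps one source port and varies the destination, and a path exists on every port where both NATs hold matching state. The names, the documentation-range addresses, port 40000, the allocatable range 1024-65535 and uniformly random port allocation are assumptions.

```python
import random
from typing import List, NamedTuple, Tuple

Endpoint = Tuple[str, int]
PORT_LOW, PORT_HIGH = 1024, 65535  # assumed allocatable port range


class SymmetricNAT:
    """New external port per (internal port, destination); only that
    destination may send back through the mapping."""

    def __init__(self, public_ip: str, rng: random.Random):
        self.public_ip = public_ip
        self._rng = rng
        self._by_flow = {}  # (internal port, destination) -> external port
        self._by_port = {}  # external port -> destination allowed to reply

    def send(self, internal_port: int, destination: Endpoint) -> Endpoint:
        flow = (internal_port, destination)
        if flow not in self._by_flow:
            external = self._rng.randint(PORT_LOW, PORT_HIGH)
            while external in self._by_port:
                external = self._rng.randint(PORT_LOW, PORT_HIGH)
            self._by_flow[flow] = external
            self._by_port[external] = destination
        return (self.public_ip, self._by_flow[flow])

    def accepts(self, source: Endpoint, external_port: int) -> bool:
        return self._by_port.get(external_port) == source

    def open_ports(self) -> List[int]:
        return sorted(self._by_port)


class PortRestrictedConeNAT:
    """One stable external endpoint; inbound is allowed only from the exact
    (IP, port) pairs the inside host has already sent to."""

    def __init__(self, public_ip: str, external_port: int):
        self.public_endpoint = (public_ip, external_port)
        self._permitted = set()

    def send(self, destination: Endpoint) -> Endpoint:
        self._permitted.add(destination)
        return self.public_endpoint

    def accepts(self, source: Endpoint) -> bool:
        return source in self._permitted

    def state_entries(self) -> int:
        return len(self._permitted)


class Attempt(NamedTuple):
    usable_ports: List[int]  # symmetric-NAT ports that pass in both directions
    symmetric_state: int     # mappings created on the symmetric NAT
    cone_state: int          # filter entries created on the cone NAT


def attempt_tunnel(symmetric_probes: int, cone_guesses: int,
                   rng: random.Random) -> Attempt:
    span = PORT_HIGH - PORT_LOW + 1
    if not (0 <= symmetric_probes <= span and 0 <= cone_guesses <= span):
        raise ValueError("guess numbers must fit the port range")
    sym = SymmetricNAT("198.51.100.10", rng)
    cone = PortRestrictedConeNAT("203.0.113.20", 40000)
    ports = range(PORT_LOW, PORT_HIGH + 1)
    # Symmetric side: random source port, fixed destination port.
    for source_port in rng.sample(ports, symmetric_probes):
        sym.send(source_port, cone.public_endpoint)
    # Cone side: fixed source port, random destination port.
    for guess in rng.sample(ports, cone_guesses):
        cone.send((sym.public_ip, guess))
    usable = [p for p in sym.open_ports()
              if cone.accepts((sym.public_ip, p))
              and sym.accepts(cone.public_endpoint, p)]
    return Attempt(usable, len(sym.open_ports()), cone.state_entries())


if __name__ == "__main__":
    print(attempt_tunnel(150, 1000, random.Random(2021)))
```

Every probe or guess leaves one entry in a NAT table, which is why the guess numbers are bounded by the remaining port resources of each NAT.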
Fig. 6 is a schematic structural diagram of an electronic device provided in an embodiment of the present disclosure. In this embodiment, the electronic device is exemplified by a server device. As shown in Fig. 6, the electronic device includes: one or more processors 602 and a memory 601. There may be one or more processors 602 in the electronic device, and one processor 602 is taken as an example in Fig. 6. The memory 601 is used to store one or more programs; the one or more programs are executed by the one or more processors 602, such that the one or more processors 602 implement the tunnel connection method of any of the embodiments of the present disclosure.
The electronic device may further include: an input device 603 and an output device 604.
The processor 602, the memory 601, the input device 603, and the output device 604 in the electronic apparatus may be connected by a bus or other means, and fig. 6 illustrates an example of connection by a bus.
The memory 601 in the electronic device, which is a computer-readable storage medium, may be used to store one or more programs, which may be software programs, computer-executable programs, and modules. The processor 602 executes various functional applications and data processing of the electronic device by executing software programs, instructions and modules stored in the memory 601, that is, implements the tunnel connection method in the above method embodiment.
The memory 601 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of the electronic device, and the like. Further, the memory 601 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, the memory 601 may further include memory located remotely from the processor 602, which may be connected to the device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 603 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function controls of the electronic apparatus. The output device 604 may include a display device such as a display screen.
And, when the one or more programs included in the above-described electronic device are executed by the one or more processors 602, the programs perform the following operations:
responding to connection requests respectively initiated by the client device and the server device, and judging, by the server device, whether the NAT type combination of the client device and the server device is the target type combination;
if so, sequentially sending the corresponding port guess number and port guessing strategy to the client device and the server device according to their respective NAT types;
the client device and the server device guess each other's ports according to the port guess number and the port guessing strategy each has received, and establish the tunnel connection if the guess is correct.
Of course, it can be understood by those skilled in the art that when one or more programs included in the electronic device are executed by one or more processors, the programs may also perform related operations in the tunnel connection method provided in any embodiment of the present disclosure.
One embodiment of the present disclosure provides a computer-readable storage medium on which a computer program is stored, where the program, when executed by a processor, executes a tunnel connection method applied to an intelligent device networking system, the intelligent device networking system at least comprising a server device deployed in a public network, and a client device and a server device deployed in different private networks, and the method includes:
responding to connection requests respectively initiated by the client device and the server device, and judging, by the server device, whether the NAT type combination of the client device and the server device is the target type combination;
if so, sequentially sending the corresponding port guess number and port guessing strategy to the client device and the server device according to their respective NAT types;
the client device and the server device guess each other's ports according to the port guess number and the port guessing strategy each has received, and establish the tunnel connection if the guess is correct.
The computer storage media of the disclosed embodiments may take any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read Only Memory (ROM), an Erasable Programmable Read Only Memory (EPROM), a flash Memory, an optical fiber, a portable CD-ROM, an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. A computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take a variety of forms, including, but not limited to: an electromagnetic signal, an optical signal, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, radio frequency (RF), etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present disclosure and of the technical principles applied. Those skilled in the art will appreciate that the present disclosure is not limited to the specific embodiments illustrated herein and that various obvious changes, adaptations, and substitutions are possible without departing from the scope of the present disclosure. Therefore, although the present disclosure has been described in greater detail with reference to the above embodiments, the present disclosure is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present disclosure, the scope of which is determined by the scope of the appended claims.

Claims (10)

1. A tunnel connection method, characterized in that the method is applied to an intelligent device networking system, the intelligent device networking system at least comprising a server device deployed in a public network, and a client device and a server device deployed in different private networks, the method comprising the following steps:
responding to connection requests respectively initiated by the client device and the server device, and judging, by the server device, whether the NAT type combination of the client device and the server device is the target type combination;
if so, sequentially sending the corresponding port guess number and port guessing strategy to the client device and the server device according to their respective NAT types;
the client device and the server device guess each other's ports according to the port guess number and the port guessing strategy each has received, and establish the tunnel connection if the guess is correct.
2. The method of claim 1, wherein sequentially sending the corresponding port guess number to the client device and the server device according to their respective NAT types comprises:
acquiring a pre-established connection scheme comparison table; the connection scheme comparison table records the port guess numbers corresponding to different NAT types under different tunnel connection success rates;
and determining port guess numbers respectively corresponding to the NAT type of the client device and the NAT type of the server device from the connection scheme comparison table according to the set current tunnel connection success rate, and sequentially issuing the port guess numbers to the client device and the server device.
3. The method of claim 2, wherein determining port guess numbers corresponding to the NAT type of the client device and the NAT type of the server device from the connection scheme comparison table according to the set current tunnel connection success rate comprises:
acquiring a preset floating value of the tunnel connection success rate;
determining the candidate tunnel connection success rates from the connection scheme comparison table according to the floating value and the current tunnel connection success rate;
and determining, according to the port resources and performance parameters of the client device and the server device, the port guess numbers corresponding to the NAT type of the client device and the NAT type of the server device from the port guess numbers corresponding to different NAT types under the candidate tunnel connection success rates.
4. The method of claim 2, wherein after establishing the tunnel connection if the guess is correct, the method further comprises:
counting the real connection success rate of the tunnel connections established between the client device and the server device;
and judging whether the real connection success rate is greater than the current tunnel connection success rate, and if so, replacing the current tunnel connection success rate with the real connection success rate.
5. The method of claim 1, wherein the target type combination is a combination of a symmetric NAT and a port-restricted cone NAT; the port guessing strategy comprises the strategy for setting the source port and the destination port when the client device or the server device sends guess messages.
6. The method of claim 5, wherein the NAT type of the client device is a symmetric NAT and the NAT type of the server device is a port-restricted cone NAT;
correspondingly, the client device and the server device guessing each other's ports according to the port guess number and the port guessing strategy each has received comprises:
the client device sends first-type guess messages with a random source port and a fixed destination port to the server device according to its own public network IP port information and the public network IP port information of the server device, wherein the number of first-type guess messages is equal to the port guess number received by the client device;
and the server device sends second-type guess messages with a fixed source port and a random destination port to the client device according to its own public network IP port information and the public network IP port information of the client device, wherein the number of second-type guess messages is equal to the port guess number received by the server device.
7. The method of claim 5, wherein the NAT type of the client device is a port-restricted cone NAT, and the NAT type of the server device is a symmetric NAT;
correspondingly, the client device and the server device guessing each other's ports according to the port guess number and the port guessing strategy each has received comprises:
the client device sends third-type guess messages with a fixed source port and a random destination port to the server device according to its own public network IP port information and the public network IP port information of the server device, wherein the number of third-type guess messages is equal to the port guess number received by the client device;
the server-side device sends fourth-type guess messages with a random source port and a fixed destination port to the client device according to its own public network IP port information and the public network IP port information of the client device, wherein the number of fourth-type guess messages is equal to the port guess number received by the server-side device.
8. A tunnel connection apparatus, characterized in that the apparatus is configured in an intelligent device networking system, the intelligent device networking system at least comprising a server device deployed in a public network, and a client device and a server-side device deployed in different private networks, the apparatus comprising:
a judging module, configured to respond to connection requests respectively initiated by the client device and the server device, and judge, through the server device, whether the NAT type combination of the client device and the server device is the target type combination;
an issuing module, configured to, if the judgment result is yes, sequentially send the corresponding port guess number and port guessing strategy to the client device and the server device according to their respective NAT types;
and a connection module, configured to have the client device and the server device guess each other's ports according to the port guess number and the port guessing strategy, and to establish the tunnel connection if the guess is correct.
9. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-7.
10. A non-transitory computer readable storage medium having stored thereon computer instructions for causing the computer to perform the method of any one of claims 1-7.
CN202111142072.6A 2021-09-28 2021-09-28 Tunnel connection method and device, electronic equipment and storage medium Pending CN115914164A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111142072.6A CN115914164A (en) 2021-09-28 2021-09-28 Tunnel connection method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115914164A true CN115914164A (en) 2023-04-04

Family

ID=86496185

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111142072.6A Pending CN115914164A (en) 2021-09-28 2021-09-28 Tunnel connection method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115914164A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117176781A (en) * 2023-11-01 2023-12-05 北京融为科技有限公司 Point-to-point networking method and device
CN117176781B (en) * 2023-11-01 2024-03-26 北京融为科技有限公司 Point-to-point networking method and device
CN117729052A (en) * 2024-02-06 2024-03-19 北京天维信通科技股份有限公司 Multi-port-based tunnel traffic confusion method and device
CN117729052B (en) * 2024-02-06 2024-04-16 北京天维信通科技股份有限公司 Multi-port-based tunnel traffic confusion method and device

Similar Documents

Publication Publication Date Title
US9602428B2 (en) Method and apparatus for locality sensitive hash-based load balancing
CN108322467B (en) OVS-based virtual firewall configuration method, electronic equipment and storage medium
JP2018528679A (en) Device and method for establishing a connection in a load balancing system
US9094483B2 (en) System and method for collecting and evaluating statistics to establish network connections
CN115914164A (en) Tunnel connection method and device, electronic equipment and storage medium
CN110915188A (en) Probabilistic relaying for efficient propagation in block-chain networks
US10367893B1 (en) Method and apparatus of performing peer-to-peer communication establishment
JP6598771B2 (en) Distributed data transmission in data networks
CN109922144B (en) Method and apparatus for processing data
CN106452909B (en) A kind of route issuing method and Router Reflector equipment
WO2017190467A1 (en) Adjustment method and apparatus for maximum transmission unit of terminal, and terminal device
CN112152880A (en) Link health detection method and device
US11961074B2 (en) Method and system for a network device to obtain a trusted state representation of the state of the distributed ledger technology network
CN114500633A (en) Data forwarding method, related device, program product and data transmission system
CN106878320A (en) A kind of method and apparatus for preventing IP address spoofing
CN116708358B (en) P2P traversing method, device and storage medium
CN112838983B (en) Data transmission method, system, device, proxy server and storage medium
CN117118914A (en) Flow rate limiting method, system, device, equipment and medium
CN107592361B (en) Data transmission method, device and equipment based on dual IB network
CN115277539A (en) Data transmission method, routing cluster and edge node
US9455911B1 (en) In-band centralized control with connection-oriented control protocols
JP3929969B2 (en) COMMUNICATION SYSTEM, SERVER, TERMINAL DEVICE, COMMUNICATION METHOD, PROGRAM, AND STORAGE MEDIUM
CN113904980B (en) Channel switching method, device, switch and storage medium
CN114205405B (en) BFD message sending method and device, electronic equipment and storage medium
CN116938598B (en) Information transmission method, apparatus, electronic device, and computer-readable medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination